I’ve got to admit, I use Metasploit during pen tests because it’s easy. However, I still feel guilty – like I’m cheating in some way. That said, my customers prefer the smaller bills and as a practical demonstration to them, it is almost guaranteed to get them to sign for the remedial work necessary! :-)

Fer wut itz worth:
@DRKNT – Nice collection of info on Metasploit. I say Darknet is better off teaching “Hack To Learn”, in order to convert a skiddie. After all, history has taught us, the best way to fight an idea is with another idea.

@bckbn – Video Tuts on everything from Metasploit to simple kismet wardriving are everywhere, and they only become more prolific with the amount of traffic that skiddies generate trying to get “learn” an easy hack. Yep, the skids can be problematic, but trying to hinder them is like trying to hold back the ocean with your hand. In fact its better to let the skids learn a hard lesson or two as most will get hacked trying to take the easy way, more and more black hats are preying on them and their uber vulnerable pay pal accts. Either way, a skiddie will usually burn out from being too lazy to learn or getting hacked too many times, or they move on up the chain and start being proactive about knowledge and the power of information.

However, in light of the possible maladies a skiddie may generate, one has to start somewhere, maybe even (dare I say) as a skiddie. I was too dumb to be a skiddie, so I had to learn by doing and reading actual paper books, plus I was always a bit paranoid about the fedz. Anyway, not all of us are old enough to have started futzing with computers during the dawn of the internets.

To be honest, I don’t mind skiddies all that much, because they are in a place where people like Darknet can influence them into another level of learning and knowledge. Of course, not everyone is on the path to righteousness…

Man, I was sooooo pissed when FrSIRT went all money. That’s where I got the source for my first exploit, THE JPEG OF DEATH.

I didn’t know about “Security Forest” either. Sorry I didn’t see it earlier DKNT :|
@Moons – thx for bringing SF back to our attention!!

@BKBN – One question. How can one completely secure their system, without knowing all the holes to plug first? I think, hopefully, DKNT and I are in agreement that its better to show everyone, all the security holes we can find, so that they know what it is they need to secure. How would anyone know to block or monitor port 23, if they didn’t know that naughty black hats check that port first for simple telnet hacks? Ok so that was two questions. :D

Sorry I’m so long winded on this subject (informing people vs keeping some info for those “in the know”). I had a big flame fest over a post on my blog, titled “How To Make Crack and Freebase Cocaine”. Everyone was going nuts cause I had found the info via google and then reposted it. The point was that any kid COULD find this info, and that parents need to monitor their kids habits on the net, cause the info is and will always be there somewhere. But I got slammed from all sides about how little kids could be reading my blog and seeing this. The point was lost because peeps had an instant emotional reaction instead of realizing that if a total N00b like me could find it then anyone could.
Again, sorry so long.
TRDQ

Backbone: just telling the security professionals, that you should filter the input/output for HTML and javascript to stop XSS attacks won’t be enough till the time they see how it can be exploited..
and we all know filtering the ‘

hey, i know this is a little out of context, but for the past month or so, i have become really interested in the world of hacking and would love to better my knowledge of how security systems work and how to exploit vulnerabilities. i am not one of those stereotypical losers who think they have the rite to just ask around so they can get into their friends’ box, but i am genuinely interested in this. i have downloaded metasploit on my laptop and would like to test it out on another comp connected to my wireless network, to see how hard/easy it is to get into my own system, but i dont have a clue how to use this, would it be possible if you could point me in the rite direction maybe to a tutorial for newbies, where there is a step by step explanation and how it all works.